Computer Science Department
School of Computer Science, Carnegie Mellon University


Enabling Dynamic Security Management of Networked Systems
via Device-Embedded Security

Gregory R. Ganger, David F. Nagle

December 2000

Keywords: Security, survivability, intrusion tolerance, storage systems, network-attached storage

This report contains the technical content of a recent funding proposal. In it, we propose a new approach to network security in which each individual device erects its own security perimeter and defends its own critical resources. Together with conventional border defenses (e.g., firewalls and OS kernels), such self-securing devices could provide a flexible infrastructure for dynamic prevention, detection, diagnosis, isolation, and repair of successful breaches in borders and device security perimeters.

Managing network security is difficult in current systems, because a small number of border protections are used to protect a large number of resources. We plan to explore the fundamental principles and practical costs/benefits of embedding security functionality into infrastructural devices, such as network interface cards (NICs), network-attached storage (NAS) devices, video surveillance equipment, and network switches and routers. The report offers several examples of how different devices might be extended with embedded security functionality and outlines some challenge of designing and managing self-securing devices.

15 pages

Return to: SCS Technical Report Collection
School of Computer Science homepage

This page maintained by